Hello, citing *http://stackoverflow.com/questions/30237946/google-app-engine-inter-module-communication-authorization#comment49814138_30237946* the problem I have is that in the Docs (communication between modules) <https://cloud.google.com/appengine/docs/python/modules/#Python_Communication_between_modules> it says:
*You can configure any manual or basic scaling module to accept requests > from other modules in your app by restricting its handler to only allow > administrator accounts, specifying login: admin for the appropriate handler > in the module's configuration file. With this restriction in place, any > URLFetch from any other module in the app will be automatically > authenticated by App Engine, and any request that is not from the > application will be rejected.* > And this is exactly the configuration I have for my module called "api1". In my *app.yaml* file I have: # can accept requests from other modules. with login: admin and they are authenticated automatically. - url: /.* script: _go_app login: admin I'm trying now, from a different module in the same app, to make a service call as suggested in the doc using *urfetch.fetch()* method, and my implementation is: from google.appengine.api import urlfetch, modules, app_identity from rest_framework.response import Response, status @api_view(['POST']) def validate_email(request): url = "http://%s/" % modules.get_hostname(module="api1") payload = json.dumps({"SOME_KEY":"SOME_VALUE"}) appid = app_identity.get_application_id() result = urlfetch.fetch(url + "emails/validate/document", follow_redirects=False, method=urlfetch.POST, payload=payload, headers={"Content-Type":"application/json") return Response({ 'status_code': result.status_code, 'content': result.content }, status=status.HTTP_200_OK) According to the documentation, having specified the *follow_redirects=False*, *fetch()* will automatically insert an header in my call (I've even tried to add it explicitly) with the *"X-Appengine-Inbound-Appid" : MY-APP-ID*. Unfortunately I get as result of the fetch call a 302 redirect, if I follow it, it's a redirect to the authentication form. This occurs in Development server as well as in Production. Can you please let me know how can I call my *api1* service inside my *validate_email* document (belonging to a different module in the same app)? Is there another way to authenticate the call since it seems the way suggested inside the documentation is not working? Thank you -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/d4c88649-5b86-47a6-a22c-0e01064a90db%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.